Actions
Feature #2436
closed[mod_auth] Implement the ssl backend/method
ASK QUESTIONS IN Forums:
Description
Hello,
please let me quote the commit message, which should say it all:
[mod_auth] Implement the ssl backend/method.
When SSL client certificate verification if activated (even if not
enforced), one can specify a given field of the certificate to be used
as the username, making it possible to set access restrictions based
on that username. Connecting without a certificate means a denied
access to restricted paths (no username).
Configuration example:
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
# more ssl-related settings
auth.backend = "ssl"
auth.backend.ssl.field = "SSL_CLIENT_S_DN_CN"
auth.require = (
"/any-ssl-user" => (
"require" => "valid-user",
"method" => "ssl"
),
"/only-specific-ssl-users" => (
"require" => "user=james|user=alec",
"method" => "ssl"
)
)
Signed-off-by: Cyril Brulebois <kibi@debian.org>
I've tested this successfully on 1.4.28; I've also tried to make sure misconfigurations are detected properly.
The patch applied cleanly on 1.4.32, except for the documentation file that moved under doc/outdated/.
Mraw,
KiBi.
Files
Updated by stbuehler over 11 years ago
- Target version changed from 1.4.x to 1.4.33
Updated by stbuehler about 11 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset r2894.
Actions
Also available in: Atom